Very little work has been done to integrate security and network-layer mobility into real systems that tackle the issues of secure enclaves. This proposal will result in the development of a high-performance Secure Mobile Network and insights into its use as part of the National Information Infrastructure.
Portland State University proposes to develop a Secure Mobile Network at the network layer with robustness and topological flexibility that allows for network redundancy. Our work will allow routers and end systems to form secure enclaves that interact with other secure and insecure networks. The Network we develop will also serve as a testbed for the integration of different network-layer security mechanisms.
Innovative aspects of our approach will include development of: 1) a secure network layer meeting IPSEC specifications, and 2) ad hoc and mobile networking. (Ad hoc, from IEEE 802.11, refers to end systems communicating without a base station.) Most ad hoc networks today occur when two or more portable Macintosh users connect their machines with AppleTalk cables, giving a routerless but physically connected network.
The recent emergence of wireless network technology that supports user mobility has prompted new security requirements and concerns. A number of working groups in the Internet Engineering Task Force (IETF) have been addressing the issues of network-layer mobility (Mobile-IP) and network-layer security (IPSEC).
Rapid advances in mobile communication technology have accentuated the need for network security. We will develop a security protocol in the network layer, as per IPSEC specifications, that will flexibly support combinations of authentication, integrity, access control, and confidentiality. The protocol formats will be independent of the cryptographic algorithms. Our system will permit a number of secure topologies, including mobile host to mobile host, subnet to subnet, and host to subnet. We will also establish a flexible two-way tunnel mechanism that will allow the establishment of a virtual secure mobile network routed through insecure regions.
Although some of the elements of security and mobile networking are understood, their combination is liable to produce a fair amount of project risk. We intend to address the risk through a process of incremental project development, judicious use of formal protocol security analysis, and good software engineering techniques, including tiger-team attacks on the deployed system. Our team is particularly well qualified to undertake this project, combining the necessary skills in computer security, networking, engineering, and protocol analysis.
The complete Secure Mobile Network will be deployed as a local area network (LAN) at Portland State University and will be utilized by "real" users. We will share all developed technology through IPSEC and IETF channels and make all resulting software publicly available. We will also make all our research available to the mobile networking community at large through demonstrations, conferences and technical papers.
Email to Jim Binkley: